Thursday, February 28, 2008

Password Precaution

What's your password, Richard?
Call it serendipity, call it a synchronous phenomenon, call it what you will. Idly thumbing through last weeks Technology section of the Guardian earlier, I came across a piece by Scott Colvey concerning Virgin Media:
Given that the company happens to be my ISP, I read on & it made for alarming consumption.
I've had cause to speak to Virgin over the phone recently over email issues. The Virgin Media call operative asked me to confirm my password. Unthinkingly, & naively, I provided it over the phone. I didn't think twice about what for me had been a purely technical issue until I saw Colvey's article.
Colvey, too, has Virgin Media as his ISP & was phoned by the company, asking him for his password. Alarm bells well & truly rung, Colvey made inquiries & found that the company has been phoning customers for this information as policy.
Colvey notes that the company appears not to have contravened the Data Protection Act per se. However, it could certainly be said that Virgin Media has acted against the spirit & principle of customer confidentiality.
[BBC Radio 4's "You and Yours" programme today covered the story, including a brief interview with Colvey, & quoted an extremely lame excuse from the company ( ).]
Colvey's Guardian piece nails Virgin Media's flimsy defence to the wall of derision thus:
"When asked to explain the company's policy, Virgin Media said that many major organisations call customers and ask them to confirm their passwords as part of Data Protection Act compliance procedures. This review is, we're told, an ongoing process that could involve any customer at any time. The chap at Virgin Media cited his own bank, NatWest, as an example of another major organisation that does this.
"We called NatWest: it doesn't do this. Indeed, NatWest's advice for customers answering unexpected callers is handy: 'Be cautious if you're asked for peronal information. Remember that they have instigated the call and should already know who you are. NatWest will never ask for your security number or password.' Virgin Media, take note. (Spokesman, check your bank account.)"
I'll be posting the Guardian story to Virgin Media in the expectation of receiving a more plausible & credible explanation than that given to Colvey & the BBC. If the reply is as poor as the one already given, well, the blogosphere's an influential force, isn't it?

No comments: